TKW22 Posted February 23, 2009

I'm still new at PHP and MySQL and I'm trying to make a login for my site. But I can't get the password to go. Either you can enter any password with == or you can't get any password to go with !=. Here's the code:

    <?php
    include_once ('login3.php');
    require_once('recaptchalib.php');
    $error_string = '';
    $publickey = "... ";
    $privatekey = "... ";
    # the response from reCAPTCHA
    $resp = null;
    # the error code from reCAPTCHA, if any
    $error = null;
    # are we submitting the page?
    if ($_POST["submit"]) {
        $resp = recaptcha_check_answer ($privatekey,
                                        $_SERVER["REMOTE_ADDR"],
                                        $_POST["recaptcha_challenge_field"],
                                        $_POST["recaptcha_response_field"]);
        if ($resp->is_valid) {
            if (strlen(trim($name)) > 7) {
                echo 'sorry you name is to long<br/>';
            }
            elseif (strlen($password) > 45) {
                echo 'you pass is to long<br/>';
            }
            elseif (strlen($age) > 3) {
                echo 'come on now no name is that long<br/>';
            }
            elseif ($age == '' || $password == '' || $name == '') {
                echo 'fill out all of login';
            }
            elseif ($nu_row2['name'] != trim($name) ) {
                echo 'sorry no such user';
                echo mysql_error();
                unset ($name);
                die;
            }
            elseif ($su_row['password'] != $password) {
                echo 'hello';
                die;
            }
            else {
                $_SESSION['user_name'] = $name;
                echo '<a href="http://domain.com/">go back to </a>';
                echo mysql_error();
                exit();
            }
        } else {
            # set the error code so that we can display it. You could also use
            # die ("reCAPTCHA failed"), but using the error message is
            # more user friendly
            $error = $resp->error;
        }
    }
    echo recaptcha_get_html($publickey, $error);
    ?>

Thanks for the help.

Edit: sorry, forgot to get rid of my URL.

justsomeguy Posted February 24, 2009

> Either you can enter any password with == or you can't get any password to go with !=.

What do you mean by that? Which line are you talking about? What is $su_row? Where are you setting $password?

TKW22 Posted February 24, 2009

Yeah, right here.

    elseif ($su_row['password'] != $password) {
        echo 'hello';
        die;
    }

Sorry about that. Oh yeah, I forgot to post the login3.php, so here it is.

    <?php
    session_start();
    require_once '????.php';
    $age = $_POST['age'];
    $password = sha1($password['password']);
    $name = $_POST['user_name'];
    $name = stripcslashes($name);
    $name = mysql_real_escape_string($name);
    $password = stripcslashes($password);
    $password = mysql_real_escape_string($password);
    $age = stripcslashes($age);
    $age = mysql_real_escape_string($age);
    $checkuser = "SELECT name, lastname, age, password FROM users WHERE name='$name' LIMIT 1";
    $checkuser2 = "SELECT name, lastname, age, password FROM users WHERE password='$password' LIMIT 1";
    $res = mysql_query($checkuser);
    $res2 = mysql_query($checkuser2);
    $nu_row = mysql_num_rows($res);
    $su_row = mysql_num_rows($res2);
    $nu_row2 = mysql_fetch_assoc($res);
    $nu_row3 = mysql_fetch_assoc($res2);
    ?>

justsomeguy Posted February 24, 2009

Are you sure this line is right:

    $password = sha1($password['password']);

Is $password an array with an element called "password"?

When you compare here:

    elseif ($su_row['password'] != $password){

$su_row comes from here:

    $su_row = mysql_num_rows($res2);

$su_row is a number, not the user record. I'm not real sure what you're doing with the database there, there's no reason to get one row based on the name and another based on the password. It's also not necessary to keep track of how many rows there are, you can always calculate that. I would get rid of this entire section:

    $checkuser = "SELECT name, lastname, age, password FROM users WHERE name='$name' LIMIT 1";
    $checkuser2 = "SELECT name, lastname, age, password FROM users WHERE password='$password' LIMIT 1";
    $res = mysql_query($checkuser);
    $res2 = mysql_query($checkuser2);
    $nu_row = mysql_num_rows($res);
    $su_row = mysql_num_rows($res2);
    $nu_row2 = mysql_fetch_assoc($res);
    $nu_row3 = mysql_fetch_assoc($res2);

and replace it with this:

    $checkuser = mysql_query("SELECT name, lastname, age, password FROM users WHERE name='{$name}'");
    if ($user_row = mysql_fetch_assoc($checkuser))
        $user_found = true;
    else
        $user_found = false;

After that, $user_row is your user data from the database if it was found, and $user_found will tell you if it was found or not. You can compare the password against $user_row['password']. You can check $user_found to figure out if a user with the given name exists.

Other than that, I advise you to turn on error reporting, this script has a lot of errors that probably aren't showing up for you. You can enable error reporting by adding this to the top:

    error_reporting(E_ALL);
    ini_set('html_errors', 1);
    ini_set('log_errors', 0);
    ini_set('display_errors', 1);

TKW22 Posted February 24, 2009

OK, I did that but I still can't sign in and I'm working on the errors. I keep on getting invalid password is found.

justsomeguy Posted February 24, 2009

Get the error messages enabled, there should be some info there.

TKW22 Posted February 24, 2009

I thought I did but I had them in the wrong place. Here are the errors.

    Notice: Undefined index: password in login4.php on line 191
    Notice: Undefined index: submit in login4.php on line 206
    Notice: Undefined index: age in login4.php on line 10
    Notice: Undefined index: user_name in login4.php on line 12

Fixed

    Notice: Undefined variable: password in login4.php on line 15

but now I have

    Notice: Undefined index: password in login4.php on line 15

Can you tell me what they mean? I'll be back later.

justsomeguy Posted February 24, 2009

You get an undefined index when you try to access an array element that doesn't exist. Like with this line:

    $password = sha1($password['password']);

If $password['password'] does not exist, it will give you that error.

TKW22 Posted February 24, 2009

OK, so what do I have wrong here? Here's line 15:

    $password = $_POST['password'];

Here's the HTML to it:

    <p>password: <input type="password" name="password" value="" /></p>

justsomeguy Posted February 24, 2009

Assuming the form is submitted, that will work fine. You might need to check whether or not the form was submitted before checking for a password.

TKW22 Posted February 24, 2009

Here's what I got.

    <form method="POST" >
    <p>name: <input type="text" name="user_name" value="" /></p>
    <p>password: <input type="password" name="password" value="" /></p>
    <p>age: <input type="text" name="age" value="" /></p>
    <p><?php
    $password = sha1($_POST['password']);
    $password = trim($password);
    $password = stripcslashes($password);
    $password = mysql_real_escape_string($password);
    require_once('recaptchalib.php');
    $error_string = '';
    $publickey = "...";
    $privatekey = "...";
    # the response from reCAPTCHA
    $resp = null;
    # the error code from reCAPTCHA, if any
    $error = null;
    # are we submitting the page?
    if ($_POST["submit"]) {
        $resp = recaptcha_check_answer ($privatekey,
                                        $_SERVER["REMOTE_ADDR"],
                                        $_POST["recaptcha_challenge_field"],
                                        $_POST["recaptcha_response_field"]);
        if ($resp->is_valid) {
            if (strlen(trim($name)) > 7) {
                echo 'sorry you name is to long<br/>';
            }
            elseif (strlen($password) > 45) {
                echo 'you pass is to long<br/>';
            }
            elseif (strlen($age) > 3) {
                echo 'come on now no name is that long<br/>';
            }
            elseif ($age == '' || $password == '' || $name == '') {
                echo 'fill out all of login';
            }
            elseif ($user_row['name'] != trim($name) ) {
                echo 'sorry no such user';
                echo mysql_error();
                unset ($name);
                die;
            }
            elseif ( sha1($password) != $user_row['password']) {
                echo $password;
                die;
            }
            else {
                $_SESSION['user_name'] = $name;
                echo '<a href="http://....com/">go back to ....com</a>';
                echo mysql_error();
                exit();
            }
        } else {
            # set the error code so that we can display it. You could also use
            # die ("reCAPTCHA failed"), but using the error message is
            # more user friendly
            $error = $resp->error;
        }
    }
    echo recaptcha_get_html($publickey, $error);
    ?></p>
    <input type="submit" name="submit" value="submit" />
    </form>

justsomeguy Posted February 24, 2009

Yeah, you're not checking if the form was submitted before trying to get the password. If you want to check, you can use isset($_POST['password']) to see if post contains a password field. You can also replace these lines:

    $password = sha1($_POST['password']);
    $password = trim($password);
    $password = stripcslashes($password);
    $password = mysql_real_escape_string($password);

with this:

    $password = $_POST['password'];
    if (get_magic_quotes_gpc())
        $password = stripslashes($password);
    $password = sha1(trim($password));

You don't need to use mysql_real_escape_string, there aren't any dangerous characters in a SHA-1 hash.
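
The flow this thread arrives at (check that the form was submitted, fetch one row by name, compare against that row's stored hash), as an added example that is not code from either poster. It swaps the thread's mysql_* calls and sha1() for PDO prepared statements and password_hash()/password_verify(); the function name check_login, the in-memory SQLite table and the user alice are assumptions made up for the demo, and it needs PHP 7+ with pdo_sqlite.

```php
<?php
// Added example, not code from the thread. The database contents below are
// constructed sample data; check_login() is a hypothetical helper name.

function check_login(PDO $db, array $post): array
{
    // Confirm the form was submitted before reading its fields. This is the
    // missing check behind the "Undefined index" notices in the thread.
    if (!isset($post['user_name'], $post['password'])
        || !is_string($post['user_name']) || !is_string($post['password'])) {
        return ['ok' => false, 'error' => 'form not submitted'];
    }
    $name = trim($post['user_name']);
    $password = $post['password'];
    if ($name === '' || $password === '') {
        return ['ok' => false, 'error' => 'fill out all of login'];
    }

    // One lookup by name. The bound parameter replaces manual escaping.
    $stmt = $db->prepare('SELECT name, password FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $user_row = $stmt->fetch(PDO::FETCH_ASSOC); // false when no such user

    // Compare against the hash stored in that one row, never against a row
    // selected by password. Both failure cases return the same message
    // (a design choice of this example).
    if ($user_row === false
        || !password_verify($password, $user_row['password'])) {
        return ['ok' => false, 'error' => 'invalid name or password'];
    }
    return ['ok' => true, 'user_name' => $user_row['name']];
}

// Constructed demo data: an in-memory users table with one account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users (name, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Exercise each branch: not submitted, wrong password, unknown user, success.
$cases = [
    [],
    ['user_name' => 'alice', 'password' => 'wrong'],
    ['user_name' => 'bob',   'password' => 'anything'],
    ['user_name' => 'alice', 'password' => 'correct horse'],
];
foreach ($cases as $post) {
    echo json_encode(check_login($db, $post)), "\n";
}
```

On success the caller would set $_SESSION['user_name'] from the returned user_name, as the thread's script does.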

TKW22 Posted February 25, 2009

I got it to work. Thanks for the help. I'll work on the error later.